Hello!
I want grant access to my site just for tor browser users. How can I detect users of the Tor browser, and not those who access the site through a Tor proxy?
I want to detect him on my backend side and dont want to use additional js or etc, just by request headers. So its real?
You can just check if the user comes from one of this IPs: https://check.torproject.org/torbulkexitlist
if so, the user is using Tor
1 Like
All Tor Browser users use the IP address of exit relays, so whitelist all (currently) 2,459 of them.
I assume when you refer to Tor proxy, you mean a service like Tor2web.
You can use a onionsite.
Let’s say you have a “block page” for “malicious” IPs.
On that page, put a link for your onionsite.
That way, any Tor users that got blocked by the block page will be able to access your site through the onion version, without complicated javascript.
Perhaps I expressed myself incorrectly, English is not my native language.
I have a hidden service (aaaaaa.onion) and I want to protect it from “leakage to the white internet”. Previously, I came across a similar site that was accessible only through the Tor browser, and if I take a regular browser (let’s say Mozilla) and enable the use of Tor proxy in it, the site informed me that I should use the Tor browser (100% check was not through Javascript and definitely not compared to the user agent).
Hi, then I have no idea how this is done since my knowledge of website operation is quite lacking
I can’t help you here, but in other words, what you are trying to tell is how you can limit your service to only be accesible from the tor browser and not from others with capability to access the network, such as Brave.
Tor discourages this:
Maybe, if you list the site which gives this behaviour, someone can check it out… If you want, of course.
This site is offline last year(